@@ -1114,13 +1114,16 @@
decrypt_status = openvpn_decrypt(&c->c2.buf, c->c2.buffers->decrypt_buf,
co, &c->c2.frame, ad_start);
- if (!decrypt_status
- /* all sockets are of the same type, so just check the first one */
- && link_socket_connection_oriented(c->c2.link_sockets[0]))
+ for (int i = 0; i < c->c1.link_sockets_num; i++)
{
- /* decryption errors are fatal in TCP mode */
- register_signal(c->sig, SIGUSR1, "decryption-error"); /* SOFT-SIGUSR1 -- decryption error in TCP mode */
- msg(D_STREAM_ERRORS, "Fatal decryption error (process_incoming_link), restarting");
+ if (!decrypt_status
+ /* all sockets are of the same type, so just check the first one (not anymore!) */
+ && link_socket_connection_oriented(c->c2.link_sockets[i]))
+ {
+ /* decryption errors are fatal in TCP mode */
+ register_signal(c->sig, SIGUSR1, "decryption-error"); /* SOFT-SIGUSR1 -- decryption error in TCP mode */
+ msg(D_STREAM_ERRORS, "Fatal decryption error (process_incoming_link), restarting");
+ }
}
}
else
@@ -2239,6 +2242,7 @@
if (status > 0)
{
+ /*printf("\nstatus: %d\n", status); */
int i;
mtcp->event_set_status = 0;
for (i = 0; i < status; ++i)
@@ -2275,10 +2279,6 @@
mtcp->event_set_status = ES_TIMEOUT;
}
}
- else
- {
- mtcp->event_set_status = SOCKET_READ;
- }
}
/* 'now' should always be a reasonably up-to-date timestamp */
@@ -421,7 +421,6 @@
{
buf_printf(&out, ":%d", ntohs(maddr.v4.port));
}
- buf_printf(&out, ":%d", maddr.proto);
}
break;
@@ -454,6 +453,7 @@
buf_printf(&out, "UNKNOWN");
break;
}
+ buf_printf(&out, "|%d", maddr.proto);
return BSTR(&out);
}
else
@@ -74,9 +74,8 @@
struct mroute_addr {
uint8_t len; /* length of address */
- uint8_t unused;
- uint8_t type; /* MR_ADDR/MR_WITH flags */
uint8_t proto;
+ uint8_t type; /* MR_ADDR/MR_WITH flags */
uint8_t netbits; /* number of bits in network part of address,
* valid if MR_WITH_NETBITS is set */
union {
@@ -231,7 +230,7 @@
mroute_addr_hash_ptr(const struct mroute_addr *a)
{
/* NOTE: depends on ordering of struct mroute_addr */
- return (uint8_t *) &a->type;
+ return (uint8_t *) &a->proto;
}
static inline uint32_t
@@ -109,7 +109,7 @@
mi = multi_create_instance(m, NULL, ls);
if (mi && !proto_is_dgram(ls->info.proto))
{
- printf("\nTCP add\n");
+ mi->real.proto = ls->info.proto;
struct hash_element *he;
const uint32_t hv = hash_value(hash, &mi->real);
struct hash_bucket *bucket = hash_bucket(hash, hv);
@@ -746,22 +746,26 @@
ev_arg->u.ls);
}
}
- multi_get_timeout(m, &m->top.c2.timeval);
- io_wait_udp(&m->top, m->mtcp, p2mp_iow_flags(m));
- MULTI_CHECK_SIG(m);
- multi_process_per_second_timers(m);
-
- if (m->mtcp->event_set_status == ES_TIMEOUT)
+ while (true)
{
- multi_process_timeout(m, MPP_PRE_SELECT | MPP_CLOSE_ON_SIGNAL);
- }
- else
- {
- multi_process_io_udp(m);
+ multi_get_timeout(m, &m->top.c2.timeval);
+ io_wait_udp(&m->top, m->mtcp, p2mp_iow_flags(m));
MULTI_CHECK_SIG(m);
- }
+ multi_process_per_second_timers(m);
+
+ if (m->mtcp->event_set_status == ES_TIMEOUT)
+ {
+ multi_process_timeout(m, MPP_PRE_SELECT | MPP_CLOSE_ON_SIGNAL);
+ }
+ else
+ {
+ multi_process_io_udp(m);
+ MULTI_CHECK_SIG(m);
+ break;
+ }
+ }
break;
}
}
@@ -193,6 +193,7 @@
struct multi_instance *mi = NULL;
struct hash *hash = m->hash;
real.proto = ls->info.proto;
+ m->local.proto = real.proto;
if (mroute_extract_openvpn_sockaddr(&real, &m->top.c2.from.dest, true)
&& m->top.c2.buf.len > 0)
@@ -1157,11 +1157,12 @@
*/
static struct multi_instance *
multi_get_instance_by_virtual_addr(struct multi_context *m,
- const struct mroute_addr *addr,
+ struct mroute_addr *addr,
bool cidr_routing)
{
struct multi_route *route;
struct multi_instance *ret = NULL;
+ addr->proto = 0;
/* check for local address */
if (mroute_addr_equal(addr, &m->local))
@@ -1247,6 +1248,7 @@
CLEAR(remote_si);
remote_si.addr.in4.sin_family = AF_INET;
remote_si.addr.in4.sin_addr.s_addr = htonl(a);
+ addr.proto = 0;
ASSERT(mroute_extract_openvpn_sockaddr(&addr, &remote_si, false));
if (netbits >= 0)
@@ -3351,6 +3353,14 @@
bool ret = true;
bool floated = false;
+ /*
+ * Since we don't really need the protocol on vaddresses for internal VPN
+ * payload packets, make sure we have the same value to void hashing insert
+ * and search issues.
+ */
+ src.proto = 0;
+ dest.proto = src.proto;
+
if (m->pending)
{
return true;
@@ -3417,7 +3427,6 @@
0,
&c->c2.to_tun,
DEV_TYPE_TUN);
-
/* drop packet if extract failed */
if (!(mroute_flags & MROUTE_EXTRACT_SUCCEEDED))
{
@@ -3555,6 +3564,8 @@
const int dev_type = TUNNEL_TYPE(m->top.c1.tuntap);
int16_t vid = 0;
+ src.proto = 0;
+ dest.proto = src.proto;
#ifdef MULTI_DEBUG_EVENT_LOOP
printf("TUN -> TCP/UDP [%d]\n", BLEN(&m->top.c2.buf));
@@ -3926,6 +3926,7 @@
{
msg(D_MULTI_DROPPED,
"Incoming control channel packet too big, dropping.");
+ printf("\nif (!buf_copy(in, buf))\n");
goto error;
}
reliable_mark_active_incoming(ks->rec_reliable, in, id, op);
Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/439?usp=email to review the following change. Change subject: mroute: properly print protocol at the end of the string ...................................................................... mroute: properly print protocol at the end of the string mroute: substitute unused field with proto Rather than adding a new field 'proto', take advantage of the 'unused' field and rename it. Hashing will now start at the 'proto' field rather than 'type'. MULTI: ensure we've got the correct protocol with virtual addresses MULTI: ensure we've got the same value as protocol for vaddressed Change-Id: I6688362d8461c112bf425ddfe488d511a64cc37e Signed-off-by: Gianmarco De Gregori <gianmarco@mandelbit.com> --- M src/openvpn/forward.c M src/openvpn/mroute.c M src/openvpn/mroute.h M src/openvpn/mtcp.c M src/openvpn/mudp.c M src/openvpn/multi.c M src/openvpn/ssl.c 7 files changed, 45 insertions(+), 29 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/39/439/1